VYPR
High severity7.5NVD Advisory· Published Jan 27, 2018· Updated Jun 17, 2026

CVE-2017-18077

CVE-2017-18077

Description

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
brace-expansionnpm
< 1.1.71.1.7

Affected products

1

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.